How to set up BIND DNS to retrieve all non-authoritative queries from another server
Solution 1
Try adding the forwarders directive to your options section, and specifying the DNS server on your ASUS router or another external DNS server as in the following:
forwarders { 192.168.0.1; };
With this configuration, all queries for anything other than the locally served domain(s) should be routed to 192.168.0.1.
Solution 2
Problem was solved by first adding
forward first;
forwarders { 192.168.1.1; };
and disabling dnssec
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
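The forwarding setup from the two answers, written out as one options block for the question's network (added example, not code from the original posts): it limits queries and recursion to the LAN and keeps DNSSEC validation on instead of switching it off. The acl name lan, the choice of forward only, and dnssec-validation auto (which needs a BIND 9 release that supports that value) are assumptions made for this example.

```conf
// Constructed example for the question's network: BIND host 192.168.1.101,
// ASUS router 192.168.1.1. Views are left out to keep the block short.

acl "lan" { 127.0.0.1; 192.168.1.0/24; };   // assumed name for the home subnet

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    directory "/var/named";

    // The question's options block limits allow-query to localhost.
    // Here queries and recursion are allowed for the LAN only, so the
    // server resolves for local clients without becoming an open resolver.
    allow-query     { lan; };
    allow-recursion { lan; };
    recursion yes;

    // Anything not answered from a local zone is sent to the forwarder.
    // "forward first" would retry from the root hints if the forwarder
    // fails; "forward only" never bypasses it.
    forward only;
    forwarders { 192.168.1.1; };

    // Weak setting (Solution 2):
    //     dnssec-validation no;
    // Kept on here. Validation only succeeds if the forwarder returns
    // DNSSEC records; if the router's DNS proxy does not, list a
    // DNSSEC-aware resolver (the question already names 8.8.8.8) in
    // forwarders rather than turning validation off.
    dnssec-validation auto;
};

zone "beraben.internal" IN {
    type master;
    file "beraben.internal.zone";
    allow-update { none; };
};
```

Run named-checkconf on the file before reloading named; it reports syntax errors such as a misspelled directive.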
Beraben Systems
Updated on June 29, 2022
Comments
-
Beraben Systems almost 2 years
Background: I have a home network with a few PCs/equipment and a cheap gateway router which does DHCP, DNS, internet routing, etc.
IP addresses of devices on my network:
- cheap ASUS gateway router 192.168.1.1
- CentOS host with BIND installed 192.168.1.101 (I would like to name CVDEV.beraben.internal)
I installed BIND (CentOS) on one of my local hosts because I want it to resolve names for devices on my local network.
I would like to set up BIND DNS to operate in the following way.
- Bind will provide an answer for the hosts on my local network (configured in the zone file seen below)
- Any requests for other hosts, i.e. on the internet, should be serviced by my ASUS router (as it was before I decided to install BIND).
Here is the named.conf and zone file with my attempt on how this can be done. It works with the local hosts set up in the zone file but does not work for resolving internet hosts.
Can someone please point out what is wrong?
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

view "external" {
    match-clients { none; };
    zone "." IN {
        type hint;
        file "named.ca";
    };
};

view "internal" {
    match-clients { 127.0.0.1; 192.168.1.0/24; };
    zone "." IN {
        type forward;
        forwarders {192.168.1.1; 8.8.8.8;};
    };
    zone "beraben.internal" IN{
        type master;
        file "beraben.internal.zone";
        allow-query { any; };
        allow-update { none;};
    };
};

//include "/etc/named.rfc1912.zones";
//include "/etc/named.root.key";
beraben.internal.zone file
$TTL 86400
@       IN  SOA ns1.beraben.internal. root.berabin.internal. (
            2013042201  ;Serial
            3600        ;Refresh
            1800        ;Retry
            604800      ;Expire
            86400       ;Minimum TTL
)
; Specify our two nameservers
@       IN  NS  ns1.beraben.internal.
; Resolve nameserver hostnames to IP, replace with your two droplet IP addresses.
ns1     IN  A   192.168.1.101
; Define hostname -> IP pairs which you wish to resolve
@       IN  A   192.168.1.101
www     IN  A   192.168.1.101
cvdev   IN  A   192.168.1.101
-
Beraben Systems over 10 years
I have added the forwarders in the options list with forward first; forwarders { 192.168.1.1; }; I also tried 8.8.8.8, however neither made any difference. I also changed my zone "." IN to be a hint type instead of a forward type. Still does not work for internet hosts.